Splunk Search

Limit on number of OR conditions in a search query

keerthana_k
Communicator

Hi,

I would like to know if there is a limit to the number of OR conditions that we can include as part of a search query?

Thanks,

Keerthana

0 Karma

renjith_nair
Legend

We have used more than 100 especially when splunk converts sub searches to OR conditions and even in format. So most probably there are no limits we are aware of.

If you are facing an issue in searches it might be because of other limits in http://docs.splunk.com/Documentation/Splunk/6.2.0/admin/Limitsconf

There should be better ways to write search without using a lot of OR conditions.

---
What goes around comes around. If it helps, hit it with Karma :slightly_smiling_face:
0 Karma

jplumsdaine22
Influencer

Also you should get an alert in the UI if you violate any limits in the search

0 Karma

keerthana_k
Communicator

Actually we are running the search in back end from a Python script where we form the search query dynamically with the OR conditions. As we are not sure of the number of conditions, I wanted to know if there was a limit.

0 Karma

thirumalreddyb
Communicator

Print the search query to a file/log and run the same query in the Splunk UI. This might help you understand whether your query has any other errors and search violations or any. As I know of, there isn't any such limit for OR.

0 Karma

jplumsdaine22
Influencer

No hard limit.

https://answers.splunk.com/answers/13480/is-there-a-character-limit-for-search-queries.html

How long are you talking about? Also I'd check the limits of your python libraries.

0 Karma
Get Updates on the Splunk Community!

See just what you’ve been missing | Observability tracks at Splunk University

Looking to sharpen your observability skills so you can better understand how to collect and analyze data from ...

Weezer at .conf25? Say it ain’t so!

Hello Splunkers, The countdown to .conf25 is on-and we've just turned up the volume! We're thrilled to ...

How SC4S Makes Suricata Logs Ingestion Simple

Network security monitoring has become increasingly critical for organizations of all sizes. Splunk has ...